Compliance Guide

How to Track Subcontractor Compliance Without a Risk Manager on Staff

COIs, licenses, and W-9s — a practical system for lean GC and PM teams who are done finding out too late.

9 min read | Updated April 2026 | TrackMyVendor Team

Most general contractors and property managers running 5- to 50-person operations don't have a risk manager, a compliance officer, or an HR department. What they have is a project manager who's also answering RFIs, a bookkeeper who's also handling vendor onboarding, and a shared Google Drive folder with certificates of insurance that may or may not be current.

That combination works — until it doesn't.

When your painter's general liability policy expired last Tuesday and you find out about it during a job site incident, the call you're about to make to your insurance broker is going to be uncomfortable. When an inspector pulls your electrical subcontractor's license and it lapsed three months ago, you own that problem. When the IRS flags a missing W-9 from a sub you paid $18,000 to last year, "we forgot to collect it" is not a useful answer.

Subcontractor compliance tracking is one of those operational tasks that feels manageable until it isn't — and by the time it becomes a problem, the damage is already done.


What "Subcontractor Compliance" Actually Means for a Lean Team

When risk managers talk about vendor compliance, they mean a formal program with audit trails, insurance minimums tied to contract type, and quarterly reviews. That's not what most GCs and property managers have, and it's not what this guide is about.

For a lean operation, subcontractor compliance comes down to three categories:

1. Certificate of Insurance (COI) Currency

Your subcontractors carry their own liability and workers' compensation insurance. When their policies expire, your exposure doesn't expire with them — it increases. When an uninsured sub causes property damage or a worker gets hurt on your site, the claim has nowhere to go except up to your policy.

The specific failure modes:

  • General liability lapse. The policy renewal didn't go through, or the sub let it lapse intentionally to save money between jobs. You don't know because nobody checked.
  • Wrong additional insured. The COI on file was issued for a different project or a different GC. Your company isn't named as additional insured on the current policy.
  • Coverage limits below your contract minimums. You specified $1M per occurrence in your subcontract. The policy on file is for $500K.
  • Workers' comp exclusions. Single-member LLCs are frequently excluded from their own workers' comp coverage. Your standard COI request doesn't surface this unless someone reads the policy carefully.

2. License and Registration Status

Every state has a licensing authority for contractors and trades. In Texas, it's TDLR for most mechanical trades. In California, it's CSLB. In Florida, DBPR. These licenses are public record, and they expire on a schedule.

A subcontractor who was licensed when you onboarded them may not be licensed now. License lapses happen for several reasons: failed renewal, outstanding complaints, insurance requirements not met with the state board. None of these reasons appear on the COI you collected at project start.

The liability exposure: in most states, if you knowingly used an unlicensed subcontractor — or should have known — you share liability for any work defects, and your general contractor license can be put at risk in a complaint proceeding.

3. W-9 Collection and Completeness

Missing W-9s are invisible until they aren't. At year-end, your bookkeeper needs to issue 1099s for every sub or vendor you paid $600 or more. If the W-9 was never collected — or was collected but the sub changed their legal entity since then — you're issuing a 1099 to the wrong entity, or you're not issuing one at all. The IRS doesn't treat that as the sub's problem. It treats it as yours: backup withholding you may owe, penalties for incorrect information returns, and a paper trail that makes your operation look like it doesn't have its documentation in order.

The specific failure modes:

  • W-9 collected but outdated. The sub changed their legal entity or TIN since the last W-9 on file. The 1099 you issued went to the wrong entity.
  • W-9 never collected. The sub was onboarded quickly for a single job and the paperwork never got finished.
  • Incomplete W-9. Missing signature, wrong certification checkbox, wrong entity classification.

Where Lean Teams Actually Break Down

The spreadsheet approach to compliance tracking fails in predictable ways. Understanding where it breaks down is more useful than a generic pitch for "better organization."

  • Spreadsheets don't pull you back to them. You update the COI expiration date when you onboard a sub. Three months later, that date passes and nothing happens. There's no alert, no reminder, no flag. The spreadsheet is accurate — it correctly shows the policy expired — but you're not looking at it because you have six other things happening.
  • Email chains are not a system. "Can you send me your updated COI?" goes out. The sub sends a PDF. It goes into a folder, or it doesn't. Later, when you need to confirm coverage, you're searching email for a PDF that may or may not be the current policy. This is not compliance tracking; it's document archaeology.
  • Onboarding is inconsistent. When a new sub is added in a slow period, the project manager collects everything methodically. When a sub is added on a Thursday because you need someone on site Monday, the W-9 gets skipped. That exception becomes the pattern.
  • Nobody owns expiration reviews. In a company with a risk manager, that person's job includes running a weekly or monthly report on upcoming expirations. In a lean operation, nobody owns this task — which means it gets done reactively, after an incident, not before one.

Building a Compliance System That Doesn't Require a Dedicated Staff Member

The goal isn't to replicate what a risk management department does. The goal is to create a system with enough structure that compliance doesn't fall through the cracks — even when you're busy, even when the person who usually handles it is out.

Define Minimum Requirements Per Sub Category

Not every subcontractor needs the same documentation. An HVAC sub with employees working in occupied buildings has different risk exposure than a landscaper doing exterior work on a vacant property. Set minimum requirements by category:

Required documents by category:

  • High-risk licensed trades (electrical, plumbing, HVAC, roofing): COI with GL and WC, active state license verified against state database, W-9
  • Mid-risk trades (painting, drywall, concrete, framing): COI with GL, state registration or license where required, W-9
  • Low-contact vendors (cleaning, landscaping, janitorial): COI with GL, W-9

Write this down. Make it a checklist, not a judgment call.

Centralize Documents in One Place

Email folders don't count. You need a single location — accessible to whoever handles compliance — where every sub's current COI, license information, and W-9 is stored and linked to that sub's profile. When you need to pull documentation for a job walk, a lender, or an audit, it takes 30 seconds, not a search through email threads.

Set Expiration Alerts at 60 and 30 Days

Manual expiration reviews only work if someone actually does the review. Most lean teams don't. Automated alerts change the dynamic: instead of someone having to remember to check, the system surfaces the problem before the expiration hits.

The 60-day alert gives you time to request an updated COI before you're in a rush. The 30-day alert is your actual deadline — if you haven't received an updated certificate by now, the sub goes on hold until you do.

Build Sub Onboarding Into Your Project Kickoff

The most common reason compliance documentation is missing is that it was never collected in the first place. Create a step in your project kickoff process that requires every sub to submit their documentation before they receive their first purchase order or get added to the schedule. Not as a nice-to-have — as a hard requirement. If a sub can't provide a current COI and active license at onboarding, that's useful information before they start work, not after.

Verify Licenses Directly — Don't Accept Copies

A sub can give you a copy of a license that expired six months ago. State licensing databases are public. For Texas contractors, TDLR's lookup is free. CSLB in California is free. DBPR in Florida is free.

If you're managing more than 20 to 30 active subs, doing this manually for every renewal cycle is the task that gets skipped first — not because it's hard, but because it's invisible until it isn't. A missed license renewal on a roofing sub doesn't announce itself. It shows up on a job site inspection, or in a complaint proceeding, or in the conversation where you explain to your client why work has to stop. At that point, the 90 seconds it would have taken to run the lookup looks like a very different investment.


When a Spreadsheet Becomes a Liability

There's a threshold somewhere between 10 and 30 active subcontractors where manual compliance tracking stops being inconvenient and starts being genuinely risky. The volume of expiration dates, the number of trades, the pace of project turnover — it outpaces what a part-time administrative effort can realistically track.

At that point, the question isn't whether to use a system — it's what kind of system.

TrackMyVendor was built specifically for this problem: small-to-midsize GC and PM operations that need real compliance tracking without the overhead of enterprise risk management software. The platform pulls license status directly from state databases including TDLR, CSLB, and DBPR. It parses COI documents automatically and surfaces coverage gaps — wrong additional insured, expired policy dates, limits below your thresholds. It sends expiration alerts before the problem becomes an incident.

Most GCs have their full roster entered in under 10 minutes. The free tier covers up to 25 subcontractors — enough for a smaller operation to get fully set up and see whether automated tracking changes the way your team handles compliance.

Start tracking compliance without a risk manager

TrackMyVendor automates COI collection, AI parsing, license verification, expiration alerts, and renewal follow-up. Free for your first 25 subs — no credit card required.

The Bottom Line

You don't need a risk manager to run a compliant operation. You need a system that surfaces problems before they become incidents — and that doesn't rely on someone remembering to check a spreadsheet.

Start with the basics: a checklist of what you require by trade, a central document store, automated expiration alerts, and direct license verification. If your sub count is growing past the point where manual tracking is realistic, TrackMyVendor is worth a look before the next incident makes the case for you — the free tier covers 25 subs, no credit card required, and most operations have their roster entered in under 10 minutes.